Apple Migrating iOS 11 and macOS High Sierra Users With Two-Step Verification to Two-Factor Authentication

[MacRumors]

Apple recently emailed Apple ID users with two-step verification enabled to inform them that, upon installing iOS 11 or macOS High Sierra, they will be automatically updated to its newer two-factor authentication method.

Apple introduced two-factor authentication in 2015 as an improved version of its two-step verification method for securing an Apple ID account with both a password and a secondary form of verification. Two-factor authentication requires an Apple device with iOS 9, OS X El Capitan, watchOS 2, any tvOS version, or later.

The two security methods are similar in many ways, but two-factor authentication automatically sends a six-digit verification code to all trusted devices registered to a given Apple ID, whereas two-step verification manually prompts users to send a four-digit code to any SMS-capable trusted device registered.

Two-factor authentication also displays a map on all trusted devices with an approximate location of where an Apple ID sign-in attempt occurred when a user is trying to access the account from an unknown device or on the web.

Apple's two-factor authentication method disables the Recovery Key by default, since offline verification codes can be generated on trusted devices in the Settings app. On iOS, users can still enable the Recovery Key as a backup method in Settings > Apple ID > Password & Security > Recovery Key.

The full text of the email is copied below:

If you install the iOS 11 or macOS High Sierra public betas this summer and meet the basic requirements, your Apple ID will be automatically updated to use two-factor authentication. This is our most advanced, easy-to-use account security, and it's required to use some of the latest features of iOS, macOS, and iCloud.

Once updated, you'll get the same extra layer of security you enjoy with two-step verification today, but with an even better user experience. Verification codes will be displayed on your trusted devices automatically whenever you sign in, and you will no longer need to keep a printed recovery key to make sure you can reset a forgotten password.

iOS 11 and macOS High Sierra public betas will be available in late June through the Apple Beta Software Program. The software updates will be available for all eligible iOS devices and Macs in the fall.

Article Link: Apple Migrating iOS 11 and macOS High Sierra Users With Two-Step Verification to Two-Factor Authentication

 

[Amazing Iceman]

On Day 1, after upgrading to iOS 11 on one iPad, I got that email and notifications on all my Apple devices.

 

[jmh600cbr]

I'm not in the dev beta but I experienced some serious two factor bugs this weekend on multiple devices and multiple Apple IDs. It was frustrating

 

[splitpea]

So... does that mean that those of us who use our Apple IDs with devices that remain on older OS versions will no longer be able to authenticate on those older devices if we upgrade any of the others?

 

[Amazing Iceman]

So... does that mean that those of us who use our Apple IDs with devices that remain on older OS versions will no longer be able to authenticate on those older devices if we upgrade any of the others?

There's a workaround for older devices. The instructions to authenticate are slightly different. Just pay attention at the prompt and make sure to understand it and then follow the instructions.

 

[LordQ]

So... does that mean that those of us who use our Apple IDs with devices that remain on older OS versions will no longer be able to authenticate on those older devices if we upgrade any of the others?

I have an iPad 1 and an Apple TV 3, In order to authenticate Apple will send you the 4-digit access code, you will then need to type your usual password followed by the 4 numbers. Easy

 

[hagar]

I got that email last week and it was not at all clear what they were saying or what the difference is between the two methods. Very un-Apple.

This article makes it clear. I hope it's based on an updated form of the mail.

 

[Joe Rossignol]

I got that email last week and it was not at all clear what they were saying or what the difference is between the two methods. Very un-Apple.

This article makes it clear. I hope it's based on an updated form of the mail.

They only sent the one email. I received it too, and did some research into it. Glad it helps!

 

[TechGeek76]

Got this email last week.

 

[DCYorke]

None of my devices have the option for a recovery key (Settings > Apple ID > Password & Security > Recovery Key). I know MacRumors is in Canada, I'm in the states. Could this be a regional thing?

 

[kavi91]

"Apple's two-factor authentication method disables the Recovery Key by default, since offline verification codes can be generated on trusted devices in the Settings app. On iOS, users can still enable the Recovery Key as a backup method in Settings > Apple ID > Password & Security > Recovery Key."

There is NOT an option to generate a recovery key as a backup method. The recovery key only applies to 2 Step users not 2 Factor.
[doublepost=1497284910][/doublepost]

None of my devices have the option for a recovery key (Settings > Apple ID > Password & Security > Recovery Key). I know MacRumors is in Canada, I'm in the states. Could this be a regional thing?

There is NOT an option to generate a recovery key as a backup method. The recovery key only applies to 2 Step users not 2 Factor.

 

[atbaldwin]

What if you only own one or only currently have access to one Apple device? I must be misunderstanding because it seems like a prerequisite to using an Apple ID going forward is that you own - and have reliable/frequent access to - at least two Apple devices.

Please tell me I'm wrong. Please?

 

[vmachiel]

So... does that mean that those of us who use our Apple IDs with devices that remain on older OS versions will no longer be able to authenticate on those older devices if we upgrade any of the others?

Nothing. Factor auth works since iOS 9.
[doublepost=1497285180][/doublepost]

What if you only own one or only currently have access to one Apple device? I must be misunderstanding because it seems like a prerequisite to using an Apple ID going forward is that you own - and have reliable/frequent access to - at least two Apple devices.

Please tell me I'm wrong. Please?

It's not mandatory to use two factor, it's just an upgrade from two step.

 

[kavi91]

You should be able to use two factor with just one device, because remember you set up a phone number as a backup and apple will be able to send SMS to that number.

 

[pat500000]

I'm not in the dev beta but I experienced some serious two factor bugs this weekend on multiple devices and multiple Apple IDs. It was frustrating

Same with restoring my ipad.

 

[5105973]

What if you only own one or only currently have access to one Apple device? I must be misunderstanding because it seems like a prerequisite to using an Apple ID going forward is that you own - and have reliable/frequent access to - at least two Apple devices.

Please tell me I'm wrong. Please?

Welcome to the forum. I have difficulty understanding any of this myself. It's not the type of information I can process on only one cup of tea like I limited myself to this morning. I need one and a half cups of coffee and to actually be attempting to do the whatevers and whatsahoozits involved. I'm a learn as I do kind of person, usually.

Fortunately when my husband isn't available to help me the staff and members here have so far been able to get me out of all the jams.

This would hopelessly confuse my elderly inlaws. We don't even password protect their iPad anymore. That was a complete disaster when my sister in law did that to them. They only use the iPad to play card games and read the news.

 

[Joe Rossignol]

"Apple's two-factor authentication method disables the Recovery Key by default, since offline verification codes can be generated on trusted devices in the Settings app. On iOS, users can still enable the Recovery Key as a backup method in Settings > Apple ID > Password & Security > Recovery Key."

There is NOT an option to generate a recovery key as a backup method. The recovery key only applies to 2 Step users not 2 Factor.
[doublepost=1497284910][/doublepost]

There is NOT an option to generate a recovery key as a backup method. The recovery key only applies to 2 Step users not 2 Factor.

That's odd.

I have Two-Factor Authentication enabled and see the Recovery Key option still on the iOS 11 developer beta.

 

[drjeffsykes]

You should be able to use two factor with just one device, because remember you set up a phone number as a backup and apple will be able to send SMS to that number.

I can attest to this. My wife's iCloud account is used only for her phone. When we bought new phones last month, the two-factor authorization was required to complete the setup. When the new phone asked for the code that was sent to her trusted device, we simply responded that no code was received and were then given the option of having it sent by text to her number. The new phone received the code and automatically processed it, allowing the setup to proceed.

 

[hauntvictim]

I'm not in the dev beta but I experienced some serious two factor bugs this weekend on multiple devices and multiple Apple IDs. It was frustrating

I always have issues with it. Always!!!

 

[danmart]

I wonder if the map will show an accurate location for UK users other than just showing London? I'm almost never in London.

This confuses my dad no-end when he gets a message.

 

[Apple_Robert]

I have iOS 11 installed and don't recall getting an email from Apple. Haven't upgrades to MacOS High Sierra, yet. Would have been good if Apple left a message on the Developer account as well. I would have definitely seen it then.

 

[69650]

The location aspect is not very accurate. Everytime I login Apple thinks I'm London when I'm actually 200 miles away from London. Maybe it's the only UK city they know.

 

[justperry]

"Apple's two-factor authentication method disables the Recovery Key by default, since offline verification codes can be generated on trusted devices in the Settings app. On iOS, users can still enable the Recovery Key as a backup method in Settings > Apple ID > Password & Security > Recovery Key."

There is NOT an option to generate a recovery key as a backup method. The recovery key only applies to 2 Step users not 2 Factor.
[doublepost=1497284910][/doublepost]

There is NOT an option to generate a recovery key as a backup method. The recovery key only applies to 2 Step users not 2 Factor.

That's odd.

I have Two-Factor Authentication enabled and see the Recovery Key option still on the iOS 11 developer beta.

Same here, it's there, even on iOS with Two Factor enabled.

 

[MJedi]

I had to switch from to 2 Factor in order to use the Unlock with Apple Watch feature on Sierra. I wish there was an option to choose which devices get the verification code. Right now, it gets sent to EVERY DEVICE where my iCloud account is logged in. That's annoying, and could potentially be a security issue.

 

[PBG4 Dude]

So... does that mean that those of us who use our Apple IDs with devices that remain on older OS versions will no longer be able to authenticate on those older devices if we upgrade any of the others?

So far, I cannot log into my Apple ID on my iPad 1, the very first model from 2010. It's a bit frustrating.
The message says to input the two factor code but there is no way to do so.